Thursday, 30 July 2015

What's Your Mother's Maiden Name?

In 2008 there were 77,600 cases of identity theft reported to CIFAS[1], the United Kingdom's fraud prevention service. By 2012 this figure had risen to 123,600 and although it fell slightly in 2013 (to 108,500), identity theft is the UK's fastest growing method of criminal activity. Whether it is phishing, or vishing, shoulder surfing or card skimming at the ATM, or old fashioned rooting through rubbish for  bank statements and the like, there are so many vulnerable points in our lives that a thief could exploit and with each new piece of technology that comes along, those vulnerabilities increase. Just recently the news has carried stories of the threat to the public posed by thieves intercepting data from contactless payment cards and with Apple Pay just having been launched there will doubtless come tales of security vulnerabilities and fraud through that medium in the not too distant future.

Any vulnerabilities in Apple Pay will come to light, sooner or later.


From the individual's perspective, the fight against fraud and identity theft is similar to the security services' fight against the terrorist; the fraudsters only have to get lucky once while the public have to be ever vigilant, a difficult task when the crooks are perpetually innovating new techniques to part us from our money. The current method of choice appears to be the vishing scam where the fraudsters dupe their victims into withdrawing or transferring large sums of money from their bank accounts or deceive them into handing over their bank cards and revealing their PIN. One might think that with the amount of publicity these scams have received there would be no one left gullible enough to be taken in, but apparently there remain enough people unaware or easily duped for this form of fraud to remain popular and just last November two couples in Tunbridge Wells lost £57,000 between them. Even ex-bank managers can be fooled; a Nat West manager with 40 years' service is among victims of this type of crime.

Got one of these? You are at risk.


Touch wood, I've not had any of these sorts of calls. I have had calls advising me that I've recently been involved in an accident (not surprisingly, when I ask for details the caller is unaware of any) and I've had plenty of calls asking me to take part in surveys. To date I've also not had any calls purporting to be from Windows Support, but I did have a weird call some years ago that illustrates how even the most careful of us can get taken in.

Having working in banking for many years, and in the last couple years of my time in the bank in Risk Management, you would think that I would be quite familiar with the type of phone call that might be suspicious, but the call I had proved how easily one can be taken in, especially if you are off your guard.

It happened one evening. The phone rang and a chap introduced himself as being in BT's sales department. Would I be interested in broadband? he asked, and as it happens I was. We'd been discussing getting broadband as we were becoming increasingly frustrated by the slow speeds and inconvenience of dial-up, so I said yes. Of course had I actually already had broadband or just not been interested, this would have gone no further, but as it was the timing made me vulnerable. The man on the other end of the phone talked me through the process, but first he had to ask some security questions, didn't he? and like a patsy, I answered them, including the ubiquitous mother's maiden name question. He concluded the call by telling me that my new broadband router would be delivered within the week and that if I had any problems, to call 150, the usual BT contact number.

A week or so passed and no sign of the new router, so I called 150 and enquired about its whereabouts. BT had no record of the order. Fortunately I had the name of the guy who had called me, so I asked to speak to him. They had no one of that name in the sales department; they did have a senior executive with that name, but obviously he would not have been making sales calls! As you might imagine, I hung up on that call with a degree of unease and at the earliest opportunity checked my bank and credit card accounts for any suspicious activity; there was none. What I probably ought to have done, and certainly would do now, was check my credit score. In fact, out of interest , because I'm  writing this, and because there are all sorts of nasty things happening out there that we are all blissfully unaware of, I just checked my score, which was interesting. Even more interesting is how much information there is about us all out there in the ether and how easily and quickly this can be aggregated and used both by us and by legitimate enquirers.

Apart from the huge raft of publicity about scam calls, my "BT" experience has made me highly suspicious of any unexpected phone call, suspicious to the extent of treating calls from legitimate sources with some distrust. My bank phoned me a couple of weeks ago and in truth I was half expecting the call, which was about a new Standing Order instruction.  I fully understand why, even though they have phoned me on the number they have in their records, they wanted to ask me a few security questions but even this call was one I was initially very cautious about. A former colleague of mine had a call purporting to be from his bank (and as he worked for the same bank you can understand why he was suspicious when they started asking unexpected "security" questions), which he quickly identified as fraudulent by answering one question incorrectly and not being corrected.  I have found that a tactic that usually deters callers like those who want to undertake surveys or sell you something or help you following your "accident" is to answer every question with a question, or better yet ask lots of questions of your own before they get the chance to ask any themselves. Genuine callers will field your questions, the scammers will lose patient and hang up. I have made it my mission to get the cold callers to hang up first and by and large I've succeeded.

And I bet you've had one of these.


The fact that I am aware of a lot of the scams that are out there doesn't make me 100% safe of course. Anyone can be a victim because the fraudsters are coming up with new schemes all of the time. A high level of scepticism and a finely tuned bullshit detector are essential in this day and age.







[1] https://www.cifas.org.uk/

No comments:

Post a Comment

Readers Warned: Do This Now!

The remit of a local newspaper is quite simple, to report on news and sport and other stories relevant to the paper’s catchment area. In rec...